lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: aliver at xexil.com (aliver@...il.com)
Subject: RC4 and Lotus Notes

	While developing something boring using the Lotus C API for Linux.
I noticed while using valgrind that functions like NSFNoteDecrypt()  and
NSFNoteIsSignedOrSealed() are still making use of RC4 encryption with a
256 bit key even when I use "strong" encryption settings in it's lame
windows MegaGUI. IIRC, RC4 is known to have some weaknesses in it's key
scheduling that have yielded some interesting results (WEP, Winnt, etc..).
	I'm pretty sure my libnotes.so is up to date. Am I misinformed
about the choice of crypto in Lotus Notes? Anyone know of plans to change
this? I guess it doesn't matter since nobody is masochistic enough to work
on a brute forcer for something as nasty as LN. It's what you call
"security-through-being-so-disgusting-no-one-will-play-with-you" or "the
hagfish method."

aliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ